[openstack-dev] Volume Encryption

Caitlin Bestler caitlin.bestler at nexenta.com
Tue Feb 12 17:35:55 UTC 2013


On 2/11/2013 2:29 AM, Clark, Robert Graham wrote:
>
> Both CBC-AES and XTS-AES are perfectly well supported in modern OSes; 
> after all, we're all talking about using AES, only the mode of 
> operation is being discussed.
>
> While it's true that those deploying OpenStack will want to use 
> something that's OS supported, we should ensure that the most prudent 
> default setting is set. As a secondary point this is a completely 
> appropriate venue for this discussion. It's important that as a 
> community we have a discussion about the use of crypto primitives, 
> algorithms, modes etc.
>
> I'm not an expert on crypto but have worked in this space for a few 
> years. I think using CBC with a suitable IV would provide similar 
> assurance levels to XTS; the advantage perhaps with CBC is that one 
> wouldn't need to use such large key sizes. If memory serves, XTS does 
> some peculiar key splitting which forces the user to use either 256 or 
> 512-bit keys.
>
> In either case I think the data will probably be sufficiently secure 
> on disk. When appraising/attacking any modern crypto system I will 
> always go after the key server first. Where would be a good place to 
> read about the forthcoming 'enhanced key management server'?
>
>

As I understand it, you are proposing setting a minimal standard for
storage encryption in OpenStack.

I am not necessarily opposed to that, but I would rather focus on
ensuring that OpenStack's handling of keys was of sufficiently high
quality before limiting what OS encryption capabilities will be allowed.

Historically, there has been a tradeoff between affordability and
quality of encryption. About a decade ago, you may recall, there was an
effort to define "Better Than Nothing" security in the IETF, based on
the premise that 'inferior' encryption that people would use was better
than 'superior' encryption that would be turned off.

That has not been as hot of an issue recently, mostly because processing
makes "expensive" encryption affordable almost faster than a debate can
be resolved.

That is why I think this is a debate better left to implementers and OS
communities. By the time we can select what "minimal" encryption needs
to be, it could well be a moot discussion.

The security of encryption is dependent on the speed of an attacking
machine; only communities that are prepared to stay on top of the latest
encryption technologies should be offering advice to end consumers on
these matters.

I'd recommend that OpenStack just use the technology that is available,
and specifically avoid endorsing any of the options.
